Ethan Wallwork created CXF-5278:
-----------------------------------
Summary: STS Renew returns incorrect lifetime
Key: CXF-5278
URL: https://issues.apache.org/jira/browse/CXF-5278
Project: CXF
Issue Type: Improvement
Components: STS
Affects Versions: 2.7.6
Reporter: Ethan Wallwork

SAMLTokenRenewer#renewToken sets the lifetime attribute of the
TokenRenewerResponse to the difference between the NotBefore and NotOnOrAfter
attributes of the SAML assertion conditions. Later the
TokenRenewOperation#createResponse method creates a Lifetime using the current
timestamp as the Created value and the current timestamp plus the previously
calculated difference as the Expires.

In cases where the NotBefore of the SAML assertion conditions is not the
current time, this results in an incorrect lifetime in the response from the
renew operation. For example, if the NotBefore is a few minutes in the past to
work around systems with clock differences, then the lifetime in the response
will claim the token expires a few minutes before it actually does.

This seems to cause issues with caching of tokens on the client side
(STSClient), as the token will be cached for a period shorter than it should be.